Update #23

Closed
farhanmahee wants to merge 12 commits into freestyle-sh:main from farhanmahee:main

@farhanmahee farhanmahee commented Nov 19, 2025

TL;DR

This PR pivots the project from an AI application builder to a comprehensive, production-ready Enterprise Resource Planning (ERP) system, complete with a new backend, frontend, database schema, and extensive documentation.

Why we made these changes

To build and launch a complete ERP solution with modules for sales, purchasing, inventory, accounting, and reporting. This change establishes the foundational backend, frontend, and database for the new system, replacing the previous project scope entirely.

What changed?

  • Project Pivot: Replaced the previous AI-centric codebase with a new ERP system. This includes a complete overhaul of the README.md, the main application page (src/app/page.tsx), and the entire database schema.
  • Backend API: Added a full suite of RESTful API endpoints to manage all core ERP functions, including organizations, users, master data (customers, products, suppliers), and transactions (sales, purchases, inventory, accounting).
  • Frontend UI: Implemented a new modular frontend with a shared layout (src/app/erp/layout.tsx) and dedicated pages for Sales, Purchase, Inventory, Accounting, Masters, and Reports. A new login page was also added using @stackframe/stack.
  • Database: Introduced a comprehensive new database schema (src/db/schema.ts) using Drizzle ORM to support all ERP modules, along with the initial database migration script.
  • DevOps & Documentation:
    • Added a GitHub Actions workflow to automate the creation of Neon database branches for PRs.
    • Added extensive project documentation covering setup, API reference, deployment, and feature roadmaps.
  • Configuration: Updated .gitignore to exclude .env files and added VS Code extension recommendations and settings.

Validation

No validation steps were provided.

Description generated by Mesa.

…ers, payment receipts, products, purchase orders, sales orders, and reports

- Added GET and POST endpoints for journal vouchers to manage journal entries and ledger updates.
- Implemented payment receipts handling with invoice payment status updates.
- Created product management routes for fetching and adding products.
- Developed purchase order routes with item management and total calculations.
- Added sales order routes for managing sales and associated items.
- Implemented various report generation endpoints for purchase, sales, stock, and trial balance.
- Introduced user management routes with password handling and organization-specific settings.
- Added utility functions for API responses, currency formatting, date formatting, and document number generation.
- Integrated multi-language support for English and Bangla in the application.
…les, masters, and reports

- Created ERP layout with sidebar navigation and user menu
- Developed Masters page for managing master data (customers, suppliers, products, users)
- Implemented Purchase page for tracking purchase orders with statistics and search functionality
- Added Sales page for managing sales orders with analytics and quick actions
- Created Reports page for generating various financial reports with date range filtering

@farhanmahee farhanmahee left a comment

Update branch by branch

@mesa-dot-dev mesa-dot-dev bot left a comment

Performed full review of 74316d1...3037bc1

Analysis

  1. Complete Lack of Authentication/Authorization: All API routes are unprotected with no session validation or permission checks, allowing any client to access any organization's data simply by manipulating the orgId parameter - a critical security vulnerability.

  2. Database Schema Issues: Multiple definitions exist for the same logical entities (customers, suppliers, purchaseOrders), creating conflicts. The schema also lacks proper indexing and essential constraints on required fields.

  3. Financial Data Integrity Risks: Financial operations lack database transaction management, creating risk of data corruption. Critical issues include incorrect weighted average cost calculation, no validation that debits equal credits in journal entries, and race conditions in stock balance updates.

  4. Data Type Inconsistencies: The system uses string storage for financial amounts in the API layer but decimal precision in the database, leading to precision loss. Direct use of parseFloat() on financial calculations introduces compounding rounding errors.

  5. Inadequate Error Handling: Financial operations that fail mid-process don't have rollback mechanisms, potentially leaving the system in an inconsistent state during failures.

53 files reviewed | 8 comments
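
The first finding above (another organization's data is reachable by changing orgId) is an access-control gap. As an added example, not code from this PR: a handler that trusts the request's orgId next to one that checks it against the authenticated session's memberships. The Session shape, the function names and the sample rows are hypothetical.

```typescript
// Added example: hypothetical types and constructed data, not the PR's code.
type Role = "admin" | "accountant" | "viewer";
interface Session { userId: string; memberships: Record<string, Role>; }
interface ApiResult { status: number; body: unknown; }

// Constructed sample rows standing in for an org-scoped table.
const customers = [
  { id: 1, orgId: "org-a", name: "Acme Ltd" },
  { id: 2, orgId: "org-b", name: "Globex" },
];

// Pattern the review describes: orgId comes from the request and is trusted.
function listCustomersUnscoped(query: URLSearchParams): ApiResult {
  const orgId = query.get("orgId");
  return { status: 200, body: customers.filter((c) => c.orgId === orgId) };
}

// Rank roles so a handler can demand a minimum privilege level.
const rank: Record<Role, number> = { viewer: 0, accountant: 1, admin: 2 };

// Guarded version: no session -> 401; org not in the caller's memberships
// or role too low -> 403; only then does the query run, scoped to that org.
function listCustomersScoped(
  session: Session | null,
  query: URLSearchParams,
  minRole: Role = "viewer",
): ApiResult {
  if (!session) return { status: 401, body: { error: "unauthenticated" } };
  const orgId = query.get("orgId") ?? "";
  // Own-property lookup so keys such as "constructor" never resolve to a role.
  const role = Object.prototype.hasOwnProperty.call(session.memberships, orgId)
    ? session.memberships[orgId]
    : undefined;
  if (role === undefined || rank[role] < rank[minRole]) {
    return { status: 403, body: { error: "forbidden" } };
  }
  return { status: 200, body: customers.filter((c) => c.orgId === orgId) };
}
```

The same check belongs in front of every route that accepts an organization identifier, writes included.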

});

// Supplier Master
export const supplierTable = pgTable("suppliers", {

High

Critical: Duplicate table definition. Both supplierTable (line 179) and suppliersTable (line 403) are defined, which will cause database migration failures. The same issue exists for customers (lines 229 & 383) and purchase orders (lines 82 & 497). You must remove the duplicate definitions and ensure all foreign key references point to the correct table name.

} = body;

// Create payment receipt
const newReceipt = await db

High

Race condition and missing transaction: The payment receipt creation (line 40) and invoice status update (line 70) are not atomic. If multiple concurrent payments are made for the same invoice, the status could be incorrectly calculated or one payment could overwrite another's status update. Wrap lines 40-73 in db.transaction() and add optimistic locking.

.from(invoiceTable)
.where(eq(invoiceTable.id, invoiceId));

if (invoice.length > 0) {

High

Critical business logic flaw: The payment status calculation (lines 59-68) only considers the current payment amount against the invoice total, but doesn't account for previous payments. If a customer makes multiple partial payments, only the last payment amount is compared to the invoice total, causing incorrect status. You need to query and sum all existing payments for this invoice before determining the status.

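What the comment above asks for, as an added example that is not code from this PR: the status is derived from every payment recorded for the invoice plus the incoming one, and amounts are summed as integer minor units instead of parseFloat() values. All function names and amounts are hypothetical.

```typescript
// Added example: hypothetical helpers and constructed amounts, not the PR's code.
type PaymentStatus = "unpaid" | "partial" | "paid" | "overpaid";

// Parse a decimal string with up to two fraction digits (the scale of a
// decimal(15, 2) column) into integer minor units, avoiding parseFloat().
function toMinorUnits(amount: string): number {
  const m = /^(-?)(\d{1,13})(?:\.(\d{1,2}))?$/.exec(amount.trim());
  if (!m) throw new RangeError(`invalid amount: ${amount}`);
  const minor = Number(m[2]) * 100 + Number((m[3] ?? "").padEnd(2, "0"));
  return m[1] === "-" ? -minor : minor;
}

function classify(paid: number, total: number): PaymentStatus {
  if (paid <= 0) return "unpaid";
  if (paid < total) return "partial";
  return paid === total ? "paid" : "overpaid";
}

// Behaviour the review describes: only the incoming amount is compared
// with the invoice total, using floating-point values.
function statusFromLastPaymentOnly(invoiceTotal: string, incoming: string): PaymentStatus {
  return classify(parseFloat(incoming), parseFloat(invoiceTotal));
}

// Corrected: sum every payment already recorded for the invoice plus the
// incoming one, in integer minor units, then classify.
function statusFromAllPayments(
  invoiceTotal: string,
  priorPayments: string[],
  incoming: string,
): { status: PaymentStatus; outstanding: number } {
  const total = toMinorUnits(invoiceTotal);
  const next = toMinorUnits(incoming);
  if (next <= 0) throw new RangeError("payment must be positive");
  const paid = priorPayments.reduce((sum, p) => sum + toMinorUnits(p), next);
  if (!Number.isSafeInteger(paid)) throw new RangeError("sum exceeds safe range");
  return { status: classify(paid, total), outstanding: total - paid };
}
```

In the route, the query for prior payments and the insert of the new receipt have to run inside the same db.transaction(); otherwise two concurrent requests can each compute the status from a stale sum.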

): number {
const totalQuantity = previousQuantity + newQuantity;
if (totalQuantity === 0) return 0;
return (previousCost + newCost) / totalQuantity;

High

Critical mathematical error: The weighted average cost calculation is incorrect. Currently: (previousCost + newCost) / totalQuantity. This should be: (previousQuantity * previousCost + newQuantity * newCost) / totalQuantity. The current formula will produce severely incorrect inventory valuations, leading to financial misstatements.

debit: decimal("debit", { precision: 15, scale: 2 }).default("0"),
credit: decimal("credit", { precision: 15, scale: 2 }).default("0"),
balance: decimal("balance", { precision: 15, scale: 2 }).default("0"),
transactionDate: timestamp("transaction_date

High

Critical syntax error: Lines 258-259 have a corrupted timestamp definition with a line break inside the string "transaction_date\n". This will prevent the schema from compiling. Should be timestamp("transaction_date").defaultNow().

).toString(),
});

// Update or create stock balance

High

Critical race condition: Stock balance updates (lines 78-117) are not wrapped in a database transaction. If multiple GRNs are processed concurrently for the same product/warehouse, this will cause lost updates and incorrect stock quantities. Wrap the entire GRN creation and stock update logic in db.transaction() to ensure atomicity.

.select()
.from(stockBalanceTable)
.where(
eq(stockBalanceTable.warehouseId, warehouseId) &

High

Critical SQL syntax error: Using bitwise AND operator & instead of logical AND for combining WHERE conditions. This will cause the query to fail. Use Drizzle's and() helper: where(and(eq(stockBalanceTable.warehouseId, warehouseId), eq(stockBalanceTable.productId, item.productId))).

@farhanmahee farhanmahee closed this by deleting the head repository Nov 29, 2025